Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fcplm' = '"%WINDIR%\xmk.exe"'
- '%WINDIR%\xmk.exe'
- '%WINDIR%\xmk.exe' -x -s 1892
- <SYSTEM32>\alg.exe
- %WINDIR%\xmk.exe
- %WINDIR%\sqlite3.dll
- %TEMP%\~DF49D.tmp
- %TEMP%\~DF3793.tmp
- %TEMP%\de9_appcompat.txt
- DNS ASK ev####ete.zapto.org